The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
The Group Domain of Interpretation (GDOI) as defined in M. Baugher et al., “The Group Domain of Interpretation,” Request for Comments (RFC) 3547 of the Internet Engineering Task Force (IETF) (December 2002) is currently used in certain virtual private network (VPN) systems to distribute group keys to a group of VPN gateways attached to a private wide area network (WAN), such as a multi-protocol label switching (MPLS) network. In one approach, large groups of VPN gateways are configured to communicate with each other such that eavesdroppers cannot view, modify, or replay encrypted packets sent between the gateways. Group keying can be used, and GDOI can be used to provide group keys to tunneling technologies (such as dynamic multipoint VPN [DMVPN] and Layer 2 Tunneling Protocol [L2TPv3] tunnels).
In one approach, all VPN gateways install and use the same keys. This is often an adequate level of security because each VPN gateway is trusted to pass the same data to any other gateway, and all VPN gateways are trusted identically. However, if group keys available on any VPN gateway are revealed to an attacker, then the attacker can eavesdrop on all traffic in the entire VPN. Furthermore, the attacker can inject packets claiming to be from any of the legitimate VPN gateways.
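The following is an added illustration, not part of the application text above, modelling the property just described: when every gateway holds the identical group key, the key proves only group membership, so a receiver cannot tell which member produced a packet. The model uses HMAC-SHA256 for packet authentication and a toy SHA-256 counter keystream for confidentiality (an assumption for illustration only, not a real cipher and not the GDOI or IPsec transforms); the gateway names and the sample key are constructed.

```python
"""Model of a single shared group key: every gateway holds the same secret."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample key; in a GDOI deployment the key server would push this to all members.
GROUP_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# A key an outsider might guess; deliberately not the group key.
OUTSIDER_KEY = bytes(32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived with SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


@dataclass(frozen=True)
class Packet:
    claimed_sender: str  # identity asserted in the header, e.g. "gw-a"
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def seal(key: bytes, sender: str, plaintext: bytes) -> Packet:
    """Encrypt-then-MAC a packet under the given key, asserting `sender` in the header."""
    nonce = os.urandom(12)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = sender.encode() + nonce
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    return Packet(sender, nonce, ciphertext, tag)


def open_packet(key: bytes, pkt: Packet):
    """Verify the MAC with `key` and decrypt; return None if the tag does not verify."""
    header = pkt.claimed_sender.encode() + pkt.nonce
    expected = hmac.new(key, header + pkt.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkt.tag):
        return None
    ks = _keystream(key, pkt.nonce, len(pkt.ciphertext))
    return bytes(c ^ k for c, k in zip(pkt.ciphertext, ks))


def demo() -> dict:
    """Exercise the three cases from the text: outsider, eavesdropping member, spoofing member."""
    # gw-a sends to gw-b; both, like every other member, hold GROUP_KEY.
    legit = seal(GROUP_KEY, "gw-a", b"site report 42")

    # An outsider without the key cannot decrypt or forge: the group key does its job here.
    outsider_reads = open_packet(OUTSIDER_KEY, legit)
    outsider_forgery = open_packet(GROUP_KEY, seal(OUTSIDER_KEY, "gw-a", b"bogus"))

    # gw-c was never the intended recipient, but holds the same key, so it reads the packet.
    gw_c_reads = open_packet(GROUP_KEY, legit)

    # gw-c can also emit a packet whose header claims gw-a; gw-b has no way to reject it,
    # because the only thing it can check is possession of the shared key.
    forged = seal(GROUP_KEY, "gw-a", b"forged by gw-c")
    gw_b_accepts_forgery = open_packet(GROUP_KEY, forged)

    return {
        "outsider_reads": outsider_reads,
        "outsider_forgery_accepted": outsider_forgery is not None,
        "gw_c_reads": gw_c_reads,
        "forgery_accepted_as_gw_a": gw_b_accepts_forgery,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point the model makes is a property of any symmetric group key, not of the toy primitives: the receiver's check binds the packet to the key, and the key is shared, so the `claimed_sender` field carries no cryptographic weight. Reducing that exposure requires something the shared-key design lacks, such as keying material that differs per sender, which is the direction the following paragraph motivates.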
Some users may prefer that the threat of eavesdropping and spoofing be reduced or otherwise mitigated while still maintaining the scalability of the group VPN. In particular, some VPN gateways are installed on premises that are not physically secured or managed by the VPN gateway security administrators. The administrators of such VPN gateways are legitimately concerned that an attacker will obtain access to the VPN gateway and attempt to extract its keys.